News

Resources

Bitdefender, a leading global cybersecurity company protecting over 500 million users worldwide, continues to innovate with the introduction of “Detection of Cyberbullying and Online Predators” features included in Parental Control... Read More

BUCHAREST, Romania/SANTA CLARA, Calif, September 17, 2018 – a leading global cybersecurity company protecting over 500 million users across 150 countries, announced today that CRN®, a brand of The Channel... Read More

Ransomware has become one of the most profitable cybercrime verticals in recent years. Complex infection mechanisms and highly profitable affiliation schemes brought operators more than $1 billion in 2016.

GandCrab, the latest family of ransomware, started to claim victims in late January, demanding exorbitant prices (ranging from $400 to $700,000) in exchange for the decryptor.

We are proud to provide our technical expertise in fighting cyber-crime as part of our long-standing mission: to protect the world’s Internet users and organizations.

The free tool, provided by Bitdefender, the Romanian Police, the Directorate for Investigating Organized Crime and Terrorism (DIICOT) and Europol, works for all known versions of GandCrab and is now ready for download on nomoreransom.org, an online portal available in 28 languages, and in the ransomware decryption tools section on labs.bitdefender.com.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

Unfortunately, we can't decrypt version two right now, but we're working hard on finding a way to get your data back. Here is what you should do now:

– take a backup of your encrypted files and save them somewhere safe;
– take a backup of your ransom note and save it along with the encrypted files
– restore your computer to a working state and clean the infection
– hang on; we'll find a fix for this issue sooner or later.

In my case I still got trouble downloading the file using regular browsers or even free download manager as it always stop at 99%.

Overcame it, by using wget or downloading directly to my synology NAS.

However, the tool doesn’t work at all. Running it, normally or as Administrator, it asks if I would allow an AP from an unknown publisher to make changes to my device and once I click on Yes, it seems to load for a second (mouse cursor) and then nothing happens. Any suggestion?